Thor, how about creating a fake copy of the office with a fake printer? The attacker gets as many original/restricted copies as he wants to!(!)

On Mon, Jan 31, 2011 at 4:36 PM, Thor (Hammer of God) <t...@hammerofgod.com> wrote:

> Yes, it comes in very handy for those who need to ensure that the documents they placed on open shares be held at the printer for security.
>
> I love this part: "The adversary can then either print two copies of the victim's file and leave one on the printer for the victim, or print one copy of the victim's file and photocopy it before leaving the original on the printer for the victim, or print one copy of the victim's file and take it resulting in the victim thinking that perhaps they didn't click the print icon after all."
>
> They forgot to add "Or, the attacker could open the spreadsheet from the share." LOL
>
> t
>
> From: full-disclosure-boun...@lists.grok.org.uk [mailto:full-disclosure-boun...@lists.grok.org.uk] On Behalf Of Cal Leeming [Simplicity Media Ltd]
> Sent: Monday, January 31, 2011 6:19 AM
> To: Ed Murphy
> Cc: full-disclosure@lists.grok.org.uk
> Subject: Re: [Full-disclosure] Vulnerability discloses PIN used in Microsoft Excel secure printing
>
> Wtf, I've never heard of a 'secure' print :S
>
> On Mon, Jan 31, 2011 at 8:01 AM, Ed Murphy <ed.b.mur...@gmail.com> wrote:
> Hello list,
>
> Stumbled across this today. It appears Excel spreadsheets store printer information including the PIN you might use when trying to do a "secure" print.
>
> http://insecureprinting.com/Microsoft_Excel_Spreadsheets_Expose_User_PIN_Used_for_Confidential_Secure_Printing.pdf
>
> The paper is quite thorough and shows that in most cases the PIN is stored in clear text in the spreadsheet, though some printer vendors try to obfuscate the PIN (though not very successfully).
>
> Thanks,
> Ed
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
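
An added example, not part of this thread or the linked paper: a pre-sharing check that reports whether a workbook carries embedded printer settings, the kind of data Ed's message says can include the secure-print PIN. It assumes an OOXML (.xlsx) package with parts under `xl/printerSettings/` holding a Windows DEVMODEW structure; the function names and the sample workbook are constructed for illustration.

```python
import io
import struct
import zipfile

PREFIX = "xl/printerSettings/"  # OOXML folder for per-sheet printer settings

def audit_workbook(data: bytes) -> list[dict]:
    """Return one finding per embedded printer-settings part in an .xlsx package."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as pkg:
        for info in pkg.infolist():
            if not info.filename.startswith(PREFIX) or info.is_dir():
                continue
            blob = pkg.read(info)
            finding = {"part": info.filename, "size": len(blob),
                       "device": None, "driver_private_bytes": None}
            # Assumption: the blob is a DEVMODEW: 32 UTF-16LE chars of device
            # name, then WORDs dmSpecVersion, dmDriverVersion, dmSize,
            # dmDriverExtra. Shorter blobs are reported without decoding.
            if len(blob) >= 72:
                name = blob[:64].decode("utf-16-le", errors="replace")
                finding["device"] = name.split("\x00", 1)[0]
                _spec, _drv, dm_size, dm_extra = struct.unpack_from("<4H", blob, 64)
                # Trust dmDriverExtra only if the declared sizes fit the blob.
                if dm_size + dm_extra <= len(blob):
                    # Driver-private area: where vendor job options may live.
                    finding["driver_private_bytes"] = dm_extra
            findings.append(finding)
    return findings

def build_sample() -> bytes:
    """Constructed sample package: not a real workbook, no real PIN or printer."""
    dm_size, private = 220, b"\x00" * 40  # constructed driver-private area
    devmode = "EXAMPLE-PRINTER".encode("utf-16-le").ljust(64, b"\x00")
    devmode += struct.pack("<4H", 0x0401, 1, dm_size, len(private))
    devmode = devmode.ljust(dm_size, b"\x00") + private
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("xl/workbook.xml", "<workbook/>")
        z.writestr("xl/printerSettings/printerSettings1.bin", devmode)
    return buf.getvalue()

if __name__ == "__main__":
    for f in audit_workbook(build_sample()):
        print(f)
```

Any finding means the workbook still carries per-printer state; a non-zero `driver_private_bytes` count is the part to review before the file goes onto a share.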